Google Git
Sign in
apache / hawq / b0a71f0617b68c0977acd6d3601052a7e80bacf5 / . / depends / libhdfs3 / src / client / KmsClientProvider.h
blob: a6c433600b045245b2f1e4b525315b57f44c7715 [file] [log] [blame]
/********************************************************************
* 2014 -
* open source under Apache License Version 2.0
********************************************************************/
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _HDFS_LIBHDFS3_CLIENT_KMSCLIENTPROVIDER_H_
#define _HDFS_LIBHDFS3_CLIENT_KMSCLIENTPROVIDER_H_
#include <string>
#include <gsasl.h>
#include "openssl/conf.h"
#include "openssl/evp.h"
#include "openssl/err.h"
#include "FileEncryptionInfo.h"
#include "HttpClient.h"
#include <vector>
#include "common/SessionConfig.h"
#include "rpc/RpcAuth.h"
#include "common/Memory.h"
#include <boost/property_tree/ptree.hpp>
using boost::property_tree::ptree;
using namespace Hdfs::Internal;
namespace Hdfs {
class KmsClientProvider {
public:
/**
* Construct a KmsClientProvider instance.
* @param auth RpcAuth to get the auth method and user info.
* @param conf a SessionConfig to get the configuration.
*/
KmsClientProvider(shared_ptr<RpcAuth> auth, shared_ptr<SessionConfig> conf);
/**
* Destroy a KmsClientProvider instance.
*/
virtual ~KmsClientProvider() {
}
/**
* Set HttpClient object.
*/
void setHttpClient(shared_ptr<HttpClient> hc);
/**
* Create an encryption key from kms.
* @param keyName the name of this key.
* @param cipher the ciphertext of this key. e.g. "AES/CTR/NoPadding" .
* @param length the length of this key.
* @param material will be encode to base64.
* @param description key's info.
*/
virtual void createKey(const std::string &keyName, const std::string &cipher, const int length, const std::string &material, const std::string &description);
/**
* Get key metadata based on encrypted file's key name.
* @param encryptionInfo the encryption info of file.
* @return return response info about key metadata from kms server.
*/
virtual ptree getKeyMetadata(const FileEncryptionInfo &encryptionInfo);
/**
* Delete an encryption key from kms.
* @param encryptionInfo the encryption info of file.
*/
virtual void deleteKey(const FileEncryptionInfo &encryptionInfo);
/**
* Decrypt an encrypted key from kms.
* @param encryptionInfo the encryption info of file.
* @return return decrypted key.
*/
virtual ptree decryptEncryptedKey(const FileEncryptionInfo &encryptionInfo);
/**
* Encode string to base64.
*/
static std::string base64Encode(const std::string &data);
/**
* Decode base64 to string.
*/
static std::string base64Decode(const std::string &data);
private:
/**
* Convert ptree format to json format.
*/
static std::string toJson(const ptree &data);
/**
* Convert json format to ptree format.
*/
static ptree fromJson(const std::string &data);
/**
* Parse kms url from configure file.
*/
std::string parseKmsUrl();
/**
* Build kms url based on urlSuffix and different auth method.
*/
std::string buildKmsUrl(const std::string &url, const std::string &urlSuffix);
/**
* Set common headers for kms API.
*/
void setCommonHeaders(std::vector<std::string>& headers);
shared_ptr<HttpClient> hc;
std::string url;
shared_ptr<RpcAuth> auth;
AuthMethod method;
shared_ptr<SessionConfig> conf;
};
}
#endif